US-11956260

Attack monitoring service that selectively analyzes connection graphs for suspected attack paths

Published: April 9, 2024
Assignee: not available in USPTO data we have
Inventors: not available in USPTO data we have
Technical Abstract

Systems and methods are disclosed to implement a cyberattack detection system that monitors a computer network for lateral movement. In embodiments, the system uses network data from a computer network to build a baseline of connection behaviors for the network. Connection graphs are generated from new network data that indicate groups of nodes that made connections with one another during a last time interval. The graphs are analyzed for connection behavior anomalies and ranked to determine a subset of graphs with suspected lateral movement. Graphs with suspected lateral movement may be further analyzed to determine a set of possible attack paths in the lateral movements. The suspected attack paths are reported to network administrators via a notification interface. Advantageously, the disclosed system is able to detect potential lateral movements in localized portions of a network by monitoring for connection behavior anomalies in network data gathered from the network.
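The pipeline the abstract describes (baseline, per-interval connection graphs, anomaly ranking, candidate paths) can be sketched as follows. This is an added example, not code from the patent or from this page. The anomaly score (share of edges never seen in the baseline), the path rule (directed chains of two or more never-seen edges) and all host names are assumptions chosen for illustration.

```python
from collections import defaultdict

# Constructed sample data: (source, destination) connection records.
BASELINE = [("ws1", "dc1"), ("ws2", "dc1"), ("ws1", "file1"),
            ("ws3", "db1"), ("app1", "db1"), ("ws4", "print1")]
INTERVAL = [("ws1", "dc1"), ("ws1", "file1"),                  # matches baseline
            ("ws3", "db1"), ("ws3", "app1"), ("app1", "db2"),  # two new edges
            ("ws4", "print1")]

def connection_graphs(records):
    """Group the interval's edges into weakly connected components."""
    parent = {}
    def find(n):
        parent.setdefault(n, n)
        while parent[n] != n:
            parent[n] = parent[parent[n]]  # path halving
            n = parent[n]
        return n
    for src, dst in records:
        parent[find(src)] = find(dst)
    graphs = defaultdict(set)
    for src, dst in records:
        graphs[find(src)].add((src, dst))
    return list(graphs.values())

def novel_edges(graph, baseline):
    return {e for e in graph if e not in baseline}

def rank_graphs(records, baseline_records, top_n=1):
    """Assumed metric: share of never-seen edges per graph; keep the top_n."""
    baseline = set(baseline_records)
    scored = [(len(novel_edges(g, baseline)) / len(g), g)
              for g in connection_graphs(records)]
    scored.sort(key=lambda s: s[0], reverse=True)
    return [(score, g) for score, g in scored[:top_n] if score > 0]

def suspected_paths(graph, baseline_records):
    """Assumed rule: directed chains of two or more novel edges in one graph."""
    nxt = defaultdict(list)
    for src, dst in novel_edges(graph, set(baseline_records)):
        nxt[src].append(dst)
    targets = {d for ds in nxt.values() for d in ds}
    paths = []
    def walk(path):
        extended = False
        for dst in nxt[path[-1]]:
            if dst not in path:          # avoid cycles
                extended = True
                walk(path + [dst])
        if not extended and len(path) > 2:
            paths.append(path)
    for start in [s for s in nxt if s not in targets]:
        walk([start])
    return sorted(paths)
```

Only the top-ranked graphs are passed to `suspected_paths`, which mirrors the abstract's point that path analysis is applied selectively to a subset of graphs rather than to the whole network.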

Patent Claims
2 claims

Legal claims defining the scope of protection. Each claim is shown in both the original legal language and a plain English translation.

Claim 14

Original Legal Text

14. The system of claim 13, wherein the GUI displays the graph metric of the highest-ranking connection graph.

Plain English Translation

A system for visualizing and analyzing connection graphs in a graphical user interface (GUI) is disclosed. The system addresses the challenge of efficiently presenting complex network data, such as social networks, communication networks, or other relational datasets, in a way that highlights meaningful patterns and relationships. The GUI displays a graph metric of the highest-ranking connection graph, allowing users to quickly identify the most significant connections within the dataset. The system ranks connection graphs based on predefined criteria, such as centrality, density, or other graph-theoretic metrics, to determine which graph should be prioritized for display. The GUI may include interactive elements, such as zoom, filtering, or node selection, to enhance user exploration of the graph. The system may also support dynamic updates, allowing the graph to reflect real-time changes in the underlying data. By focusing on the highest-ranking graph, the system helps users focus on the most relevant information, improving decision-making in applications like network analysis, fraud detection, or social network monitoring. The system may integrate with external data sources or APIs to fetch and process connection data automatically.

Claim 16

Original Legal Text

16. The system of claim 13, wherein the cyberattack monitoring service is hosted on a service provider network that provides computing resources for executing the cyberattack monitoring service.

Plain English Translation

A cybersecurity system monitors and mitigates cyberattacks targeting networked devices, such as IoT devices, by analyzing network traffic for malicious patterns. The system includes a cyberattack monitoring service that detects and responds to threats in real time. This service is hosted on a service provider network, which provides the necessary computing resources to execute the monitoring functions. The service provider network may include cloud-based or on-premises infrastructure, ensuring scalability and reliability for threat detection. The system also includes a device management service that manages the networked devices, collecting data from them to enhance threat detection accuracy. Additionally, a user interface allows administrators to configure monitoring parameters, view alerts, and take corrective actions. The system may also include a rules engine that defines detection criteria and response actions, ensuring automated and efficient threat mitigation. By leveraging the service provider network, the system ensures robust and centralized monitoring capabilities, reducing the risk of cyberattacks on connected devices.

Patent Metadata

Filing Date: May 8, 2023

Publication Date: April 9, 2024

Citation & reuse

Analysis on this page is generated by Patentable — an AI-powered patent intelligence platform. AI-generated summaries, explanations, FAQs, and analysis may be reused with attribution and a visible link back to the canonical URL below. Patent abstracts and claims are USPTO public domain.

Cite as: Patentable. “Attack monitoring service that selectively analyzes connection graphs for suspected attack paths” (US-11956260). https://patentable.app/patents/US-11956260
